Hi all,

One customer of mine wanted to **import** a **public key** he got from a partner. That public key had a 2048 bits modulus and a **5 bytes exponent**.

The problem was that CryptoAPI's RSAPUBKEY structure doesn't allow a 5 bytes exponent because it defines the public exponent with a DWORD (4 bytes max):

*typedef struct _RSAPUBKEY {DWORD magic ;DWORD bitlen ;DWORD pubexp ;} RSAPUBKEY;*

CryptoAPI only supports **4 byte exponents** with **MS CSPs** (Cryptographic Service Providers). **CNG** overcomes this limitation on Vista and later:

Key Storage and Retrieval

"*CNG is more flexible with regard to RSA key pairs. For example, CNG supports public exponents larger than 32-bits in length, and it supports keys in which p and q are different lengths.*"

Please, note that the restriction of 4 byte exponents are for MS CSPs only. CryptoAPI should be able to work with 5 byte exponents if using a **third-party CSP**.

Regards,

Alex (Alejandro Campos Magencio)